Is it possible to shut down the internet?

Our modern society is increasingly depending on the internet for its existence. If there was a way to shut down the internet then little things like, hmm let’s think… phones, TV, drinking water supply, waste water purification, the economic system etc. All that and more would more or less instantly stop working. Even power plants and the power grid itself would probably stop working since they too are becoming more dependent on remote management through the internet. One could argue it being pretty important to keep the internet up and running.

But could it be shut down?

Internet is a resilient network. Wikipedia definition: ”the ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation. Threats and challenges for services can range from simple misconfiguration over large scale natural disasters to targeted attacks.”

This means that the internet dynamically reconfigures itself when something goes wrong. On the internet backbone this is typically done using the BGP protocol. It also means you can not shut down the internet by just cutting one cable. There is no single point of failure.

Is there a kill switch?

Lately more and more people are arguing that internet needs a kill switch to – for instance – quickly take a country offline in case of ongoing cyber attacks. To install a kill switch you would first have to insert a single point of control into the network. This is typically a bad idea and goes against the idea of resilience. Think about it. If you have the power to shut down the single point and take the country offline, what is stopping an adversary to for instance detonate an EMP over that single point and in one blow take the country offline? The answer is that there is no internet kill switch today and it would probably be a bad idea to install one. This even before considering the ”human right” aspect  (people consider it a human right to have internet access nowadays).

But I still want to shut down the internet!

Seven mythical keys

Another way to cripple the internet would be to stop the DNS system from working. There are rumors about seven mythical keys that are passed on through some mystical ceremony. Could those seven keys be used to kill the internet? Short answer, no. Long answer, read this article from ICANN.

The DNS servers can also be attacked using denial of service attacks but that would only take them offline for a limited time period, annoying as it is, not critical. There are various other DNS attacks possible too but all these DNS problems only cripples the internet, doesn’t shut it down entirely.

So how can I shut it down then? Please, please tell me.

Short answer: YOU can’t. But still there might be a way for an advanced actor. After Snowden there has been lots of talk about backdoors and implants for routers. Take a look at the core routers on the internet backbone.  There are only a limited number of models used as core routers. If an actor with enough resources can find a way into each one of these models, then they can reconfigure BGP on the core routers and have full control over enabling and disabling arbitrary parts of the internet!

This is what happened for instance in Egypt 2011 when the government shut down all internet service providers except the one the government itself used (working some BGP magic to accomplish this).

So a government can clearly shut down arbitrary parts of the internet in its own country. But any actor with access to the routers could do it, if they just found a way in. Snowden showed that NSA can do it. Probably the Chinese, Russians, British and maybe others too. Anyone of those actors can take any parts of any country offline if they can just get into the core routers. To make it harder to recover they could also change the passwords, or in other ways change the authentication mechanisms to stop the rightful owners to get back into their own routers and restore normal operation.

Another way is to just cut the power for the routers, but that is not very practical since you would have to cut the power in many physical places at once. If you are capable of doing that then you are already in control of the country.

In short, it is very hard to shut down the internet, but it can be done if you can get into the core routers on the internet backbone.

Annonser

Om albertveli

Grävande programmerare.
Det här inlägget postades i Säkerhet. Bokmärk permalänken.

2 kommentarer till Is it possible to shut down the internet?

  1. Patrik Andersson skriver:

    Intressant. Har du hört om ”ens” och ethereum? Nya sätt finns ju att lösa DNS hotet nu. Ta en titt på https://ens.domains/
    Mvh
    Alphapapaactual

    • albertveli skriver:

      Jag hade inte hört talas om just ens, men har läst om massor av olika förslag för att förbättra DNS. Grejen med alla dessa förslag är att de bara är teorier tills att de verkligen börjar användas. DNSsec är väl det som flest pratar om, även om folk har pekat ut problem med dnssec också.

Kommentera

Fyll i dina uppgifter nedan eller klicka på en ikon för att logga in:

WordPress.com Logo

Du kommenterar med ditt WordPress.com-konto. Logga ut / Ändra )

Twitter-bild

Du kommenterar med ditt Twitter-konto. Logga ut / Ändra )

Facebook-foto

Du kommenterar med ditt Facebook-konto. Logga ut / Ändra )

Google+ photo

Du kommenterar med ditt Google+-konto. Logga ut / Ändra )

Ansluter till %s